Privacy Policy

1.Identification of the Data Controller

BILBAO RIA 2000, S.A. is the CONTROLLER of the processing of the personal data of the USER, and you are hereby informed that the data will be processed in accordance with Regulation (EU) 2016/679 of 27 April (GDPR) and the Spanish Personal Data Protection and Guarantee of Digital Rights Act 3/2018 of 5 December (LOPDGDD).

You can contact the Data Controller by email at br2000@bilbaoria2000.com.

The address for complaints shall be the one given for the registered office of the Data Controller.

2.Purposes of the processing

a)To answer the questions that the data subject sends to the Data Controller.

Storage period: The data shall be stored until the issue raised by the data subject has been resolved. If necessary, the information shall subsequently be blocked during the legally-established periods.

Legal grounds: Consent of the data subject and legitimate interest of the data controller.
b)Manage your participation in the selection processes of the Data Controller.

Storage period: The data will be stored while you as data subject does not revoke your consent. If necessary, the information shall subsequently be blocked during the legally-established periods.

Legal grounds: Consent of the data subject and legitimate interest of the data controller.

3.Recipients of your data

The Data Controller contracts third parties to perform the processing in order to be able to provide its services. Specifically, the Data Controller has agreements signed with the following service suppliers:

Microsoft Corporation, covered by the Privacy Shield agreement as email provider. More information here: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&stat us=Active
Irontec, SL as web hosting supplier.

With the exception of those entities, your data shall not be given to any other third party. If your data need to be disclosed to third parties for any reason whatsoever, you shall be informed beforehand and, as applicable, your consent shall be sought and the purposes of the disclosure and the identity of the third party in question shall be specified.

The only exception is the cases where there is a legal requirement to disclose that data to a third party.

4.Rights

The people who provide us with their data enjoy the following rights in that regard:

a.Right of access
b.Right of rectification or deletion
c.Right to limit the processing
d.Right to portability
e.Right of objection
f.Right to withdraw consent

a.Right of access: anybody is entitled to obtain from the Data Controller confirmation of whether or not personal data concerning them is being processed and, should that be so, right of access to the personal data.
b.Right of rectification: it is the right to obtain the rectification of the personal data held by us and which concern you.
c.Right of erasure: it is the right to obtain the erasure of your personal data.
d.Right to limit the processing: it is the right for your data to no longer be processed by the relevant operations when any of the following conditions are met:
- When you have exercised your rights to rectification or objection, and the Data Controller is deciding whether to accept or reject the request.
- If the data processing were unlawful, which implies the erasure of the data, but you do not wish your data to be deleted by the Data Controller.
- When the data are no longer necessary for the processing, meaning the data should be deleted, but you want the Data Controller to limit their processing and keep them in order to be able to bring, exercise or defend yourself against claims.
e.Right to portability: It is the right to obtain from the Data Controller, in the case of the automated processing of your data, a copy of such data in a machine readable, structured format in common use or for that copy to be directly sent to the Controller that you indicate. Please note that this right shall not apply to:
- The data of third parties that you have provided to the Data Controller.
- Any data that concern you, but which third parties have provided to the Data Controller.
f.Right of objection: It is the right to object to your personal data being processed. As far as the processing by the Data Controller is concerned, you may object to being sent own or third-party commercial communications.

If you wish to obtain further information on your rights, we suggest you visit the website of the Spanish Data Protection Agency and consult the European Data Protection Regulation.

You may exercise these rights by sending an email to br2000@bilbaoria2000.com, clearly indicating which right you wish to exercise and providing a copy of your identity document to accredit your identification. You may also send the request by mail to the registered address of the Data Controller that appears in Point 1 of this Privacy Policy.

In addition, we hereby inform you that you can file a claim with the relevant Supervisory Authority, in this case, the Spanish Data Protection Agency, particularly, if you have not been able to exercise your rights satisfactorily. You can contact the Spanish Data Protection Agency by phoning 901 100 099 and 912 663 517 or visit it at its address C/Jorge Juan 6, 28001 – Madrid.

5.Security Measures

The Data Controller hereby guarantees you as the user that the processing performed complies with all the provisions of the aforementioned data protection legislation (GDPR and LOPDGDD) and that the data are processed in a lawful, legal and transparent way as regards the data subject, and appropriate, pertinent and limited to the necessary with respect to the purposes for which the data are processed.

Furthermore, the Data Controller guarantees that it has implemented the appropriate organisational and technical security measures that the GDPR and LOPDGDD establish in order to protect the rights and freedoms of USERS, and has provided the latter with the appropriate information to be able to exercise them.

The Data Controller wishes to clarify that it will not process or store data or information on its patients or on the results of their tests.

6.Provenance and truthfulness of the data

All the data collected come from the data subject. By accepting this Privacy Policy, you as the User declare and undertake to guarantee the truthfulness and accuracy of the data provided, as well as being their legitimate owner.

Furthermore, you undertake to always keep your data current and to inform the Data Controller without delay of any important changes, such as the change of holder of your bank account or any change to your email account provided in the relevant forms hosted on the website.

Accordingly, you as the User shall be solely liable for any breach of the above and shall hold the Data Controller harmless from any liability with regard to that data that you have not previously communicated.

Cookie	Type	Duration	Description
cookielawinfo-checkbox-necessary	persistent	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store user consent for the cookies in the “Necessary” category.
cookielawinfo-checkbox-non-necessary	persistent	11 months	This cookie is set by the GDPR Cookie Consent plugin. It is used to store user consent for the cookies in the “Non-Necessary” category.
viewed_cookie_policy	persistent	11 months	This cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__utma	persistent	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. It is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmb	persistent	30 minutes	This cookie is set by Google Analytics. It is used to determine new sessions/visits. It is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmc	persistent	1 year	This cookie is set by Google Analytics and is deleted when the user closes their browser. It is not used by ga.js. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	persistent	10 minutes	This cookie is set by Google Analytics and used to throttle the request rate.
__utmz	persistent	6 months	This cookie is set by Google Analytics and used to store the traffic source or campaign through which the visitor reaches the site.
_ga	persistent	2 years	This cookie is used to distinguish users and sessions.
_gid	persistent	1 day	This cookie is used to distinguish users and sessions.
GPS	persistent	30 minutes	This cookie is set by YouTube and registers a unique ID for tracking users based on their geographical location.
YSC	persistent	1 year	This cookie is set by YouTube and is used to track views of embedded videos.

Cookie	Type	Duration	Description
IDE	persistent	2 years	This cookie is used by Google DoubleClick and stores information about how the user interacts with the website and any other advert before visiting the website. This data is used to present the user with adverts that are relevant to them based on their user profile.
uid	persistent	1 month	This cookie is used to anonymously measure the number and behaviour of visitors to the website. This data includes the number of visits, average visit duration, pages visited, etc. to better understand user preferences for targeted adverts.
VISITOR_INFO1_LIVE	persistent	5 months	This cookie is set by YouTube. It is used to track information for YouTube videos embedded on a website.

Cookie	Type	Duration	Description
test_cookie	persistent	11 months	Google DoubleClick can set this cookie on our website to check whether the user’s browser accepts cookies. Google DoubleClick aims to improve the advertising the user sees.
YTC	persistent	10 minutes	This cookie is set by YouTube to manage the embedding and viewing of videos on our website.